How GitHub Apparently Ended Up In The Crosshairs Of Chinese Hackers

The big code repository GitHub is currently fighting off a large, prolonged denial of service attack—apparently in part because China or its sympathizers took exception to dissidents who use GitHub to host software for routing around China’s Great Firewall.

No group has taken responsibility for the attack, but several indications suggest that its perpetrators are retaliating against China’s perceived enemies. Some of the main GitHub pages targeted in the attack are repositories that specifically aim to help Chinese nationals get around the government’s firewall.

One such repo belongs to Greatfire.org, an organization that tracks online censorship in China. Its GitHub repository includes both links for individuals who want to access sites banned in China and software that website owners can use to redirect people to unblocked versions of their sites. Another targeted repo provides mirror links to the New York Times’ Chinese language site, which is inaccessible in China.

Another clue: The majority of attack traffic is coming from users of Chinese search engine Baidu, which denies involvement in the attack and claims it has not been compromised. In its official statement, GitHub appears to be referring to hijacked Baidu users when it described the attack as using “sophisticated new techniques that use the Web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic.”

China has apparently issued no statement on the attack. GitHub described the attack’s target only in the most delicate terms: “Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.”

After 113 hours of sustained DDoS attacks our defenses are holding. We will keep our status at yellow until the threat has subsided.

The attack began around 2am UTC on Thursday, and is still going four days later. While the site has been unavailable during some of the time over the course of the attack, it’s up now despite ongoing traffic onslaughts. One of the reasons GitHub is having trouble mitigating the attack is because engineers say the attacker’s techniques are evolving in unspecified ways.

GitHub’s global reputation as a place to store code without fear of censorship has repeatedly made it a target for countries that would restrict free speech. In January, India blocked the site in an apparent effort to curb ISIS propaganda directed at its citizens, although it almost immediately reversed itself following protests from Indian developers who depend on GitHub.